CVE-2025-8088
Path traversal vulnerability in WinRAR
En resumen
WinRAR en Windows tiene una falla que permite a los atacantes ejecutar código malicioso mediante archivos comprimidos especialmente diseñados. Al abrir estos archivos, el código del atacante puede ejecutarse en tu computadora.
Detalle técnico
Una vulnerabilidad de path traversal en WinRAR para Windows permite ejecución remota de código a través de archivos comprimidos maliciosos. La falla explota validación insuficiente de rutas durante la extracción, permitiendo que atacantes escriban y ejecuten código arbitrario; la vulnerabilidad ha sido explotada activamente en la naturaleza.
Resumen generado y traducido por IA a partir de la descripción oficial.
A path traversal vulnerability affecting the Windows version of WinRAR allows the attackers to execute arbitrary code by crafting malicious archive files. This vulnerability was exploited in the wild and was discovered by Anton Cherepanov, Peter Košinár, and Peter Strýček
from ESET.
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Productos afectados
win.rar GmbH · WinRARPoCs públicas encontradas — 29
githubgithub.com/sxyrxyy/CVE-2025-8088-WinRAR-Proof-of-Concept-PoC-Exploit-★ 71githubgithub.com/onlytoxi/CVE-2025-8088-Winrar-Tool★ 56githubgithub.com/knight0x07/WinRAR-CVE-2025-8088-PoC-RAR★ 46githubgithub.com/hexsecteam/CVE-2025-8088-Winrar-Tool★ 40githubgithub.com/pentestfunctions/CVE-2025-8088-Multi-Document★ 36githubgithub.com/aldisakti2/CVE-2025-8088-BUILDER-Winrar-Tool★ 28githubgithub.com/AdityaBhatt3010/CVE-2025-8088-WinRAR-Zero-Day-Path-Traversal★ 12githubgithub.com/pentestfunctions/best-CVE-2025-8088★ 10githubgithub.com/jordan922/CVE-2025-8088★ 10githubgithub.com/starfallreverie/winrar-exploit★ 8githubgithub.com/kitsuneshade/WinRAR-Exploit-Tool---Rust-Edition★ 8githubgithub.com/lennertdefauw/CVE-2025-8088★ 5githubgithub.com/walidpyh/CVE-2025-8088★ 5githubgithub.com/Syrins/CVE-2025-8088-Winrar-Tool-Gui★ 3githubgithub.com/pexlexity/WinRAR-CVE-2025-8088-Path-Traversal-PoC★ 2githubgithub.com/travisbgreen/cve-2025-8088★ 2githubgithub.com/undefined-name12/CVE-2025-8088-Winrar★ 2githubgithub.com/Shinkirou789/Cve-2025-8088-WinRar-vulnerability★ 1githubgithub.com/DeepBlue-dot/CVE-2025-8088-WinRAR-Startup-PoC★ 1githubgithub.com/pescada-dev/-CVE-2025-8088★ 1githubgithub.com/0xAbolfazl/CVE-2025-8088-WinRAR-PathTraversal-PoC★ 1githubgithub.com/ilhamrzr/RAR-Anomaly-Inspector★ 1githubgithub.com/xi0onamdev/WinRAR-CVE-2025-8088-Exploitation-Toolkit★ 0githubgithub.com/nhattanhh/CVE-2025-8088★ 0githubgithub.com/IsmaelCosma/CVE-2025-8088★ 0githubgithub.com/techcorp/CVE-2025-8088-Exploit★ 0githubgithub.com/ghostn4444/CVE-2025-8088★ 0githubgithub.com/shaheeryasirofficial/CVE-2025-8088★ 0githubgithub.com/hbesljx/CVE-2025-8088-EXP★ 0⚠ Recursos públicos, para evaluar la exposición de sistemas que controlas o estás autorizado a probar. Prueba solo con autorización.
¿Quieres saber si tu infraestructura está expuesta a esto?
Hablar con TrueHacking →Referencias
https://arstechnica.com/security/2025/08/high-severity-winrar-0-day-exploited-for-weeks-by-2-groups/https://support.dtsearch.com/faq/dts0245.htmhttps://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-8088https://www.vicarius.io/vsociety/posts/cve-2025-8088-detect-winrar-zero-dayhttps://www.vicarius.io/vsociety/posts/cve-2025-8088-mitigate-winrar-zero-day-using-srp-and-ifeohttps://www.welivesecurity.com/en/eset-research/update-winrar-tools-now-romcom-and-others-exploiting-zero-day-vulnerability/#the-discovery-of-cve-2025-8088https://www.win-rar.com/singlenewsview.html?&L=0&tx_ttnews%5Btt_news%5D=283&cHash=a64b4a8f662d3639dec8d65f47bc93c5